In Firefox, we currently use "eval-script" as part of the options directive:
https://wiki.mozilla.org/Security/CSP/Specification#Directives

But we will be changing that soon to match the CSP 1.0 specification.

~Tanvi

On 7/19/12 10:54 AM, Eric Chen wrote:
> Hi John:
>
> On Thu, Jul 19, 2012 at 10:45 AM, John J Barton
> <johnjbarton@johnjbarton.com> wrote:
>
> > Hi. I was looking into converting my application to use CSP when I
> > learned that neither eval nor new Function() are allowed. I have a
> > large application that uses these features to compile JS at
> > runtime. I am wondering what alternatives are available.
>
> You can use 'unsafe-eval' to allow eval
>
> --
> -Eric

Received on Thursday, 19 July 2012 18:55:52 UTC